At The Red Guild, we share periodic public updates on what we've done, what we're up to, and what's to come. This helps us stay accountable and committed to our work while we open ourselves to the community.
In case you missed the last one, you can find all our updates here:
There's so much to share in this update. We know we've been quiet for a while. But quiet is not dormant. On the contrary, the last months at The Red Guild have been full of writing, coding, shipping, presenting, designing, networking, expanding, travelling, and a big etc.
We should've posted more updates on the blog. Though we prioritized other work, and ended up falling short at sharing our progress with you all, as we're known for. In any case, here we are!
Today's update sums up everything we've accomplished since March 🙀 including:
- The Phishing Dojo
- Team & Collaborators
- Identity & Design
- Events
- Ecosystem Support
- Leading Frameworks at SEAL
and more on latest articles, tooling and Damn Vulnerable DeFi. Closing, as usual, with what's to come! 🏃
The Phishing Dojo
The elephant in the room. The most likely cause of all our delays sharing this update with you.
We first introduced The Phishing Dojo to the community at Devcon 2024, where we had an early demo of our grand vision of an advanced training platform to educate users and developers in the most notorious threats facing crypto these days.
All the incredible feedback we got from the community pushed us to double-down on this project. For the last 6 months we've been heads down turning The Phishing Dojo into what's to be the first and most sophisticated threat simulation platform in the crypto ecosystem.
We set out to ship it just in time for ETHCC, which we did! 🎉

Start training the core skills to avoid phishing, scams, and social engineering attacks in crypto in The Phishing Dojo! 🥋
Launching this new version of The Phishing Dojo at ETHCC was no small feat for a team of not three, but two and a half people. There's been tons of learning in the process of going from the early Devcon version to this latest beta version that includes:
- User registrations – also catering for anonymous users who may sign-up and save their progress later
- Personal dashboard
- Progress tracking – for yourself or your team
- Support for trainings with multiple modules, each consisting of interactive challenges + multimedia content (videos, slides, text, etc)
- Admin dashboard for creation of challenges, team management, and full customization of training
With this beta version out in the streets, we'll continue gathering users' feedback and improving the maturity and stability of the platform. Only then will we continue expanding for more training, scenarios, and lots of cool features we've got in the roadmap.
Team & collaborators
Even if we intend The Red Guild to remain small and focused, we do want to grow our team to bring special skills our original members might not have.
In that line, @tebayoso has joined us as a part-time lead product developer at The Red Guild, bringing all his experience in software engineering to turn The Phishing Dojo into the first threat simulation platform for the crypto ecosystem.
Working in tandem with our graphic designer, we've also got a new front-end developer contributing to bringing the new identity to life in our sites.
For some time, we entertained the idea of bringing an intern into the Guild, supported by the latest sponsored internships program by the Ethereum Foundation. But after some back and forth as we aligned expectations, we ended up withdrawing our application. We've come to the conclusion that we're still a small team without enough capacity to support an intern fully. We'll reconsider in the future!
Identity & design
Some months ago, we started working with a new designer to revamp our whole visual identity. After some iterations, it looks like we're getting there!

Taking advantage of the brand's overhaul, we've completely redesigned our landing page. Have you checked it yet? Here's a quick snippet:


In the meantime, we continue giving away our swag at all events we attend. Find us if you'd like some cool stickers and shirts!
Events
We've organized, supported, and/or participated in a handful of outstanding events. Needless to say, this involves not only just showing up to do a talk. We take our public appearances seriously. We aim for the content we deliver to be as fresh and up-to-date as possible for each occasion.
So all of these involved planning, researching, consuming and digesting tons of information from talks, articles, threads, then brainstorming ideas, coming up with new ways of presenting them to the audience, and finally putting together slides and making a cool script for the talk (leaving some space for randomness and impro 🧑🎤).
+100 builders @ Blockchain Tandil
During May, we helped organize, coordinate, and participate in Blockchain Tandil. A local event in the city of Tandil (Argentina) where over +100 builders gathered to learn about blockchain technologies and the Ethereum ecosystem.
We'll let these pics and videos speak for themselves:
Y así fue Blockchain Tandil 🗻🫶🏻
— Suka | SEED (@suka_df) May 11, 2025
NUNCA nos hubiéramos que tanta gente iba a participar y estaba tan interesada en eventos como este.
Mis KPIs de que esto fue un éxito:
⏰ Eran las 7:30pm y había aún salas llenas con la gente preguntando e interactuando.
💜 Recibimos mucho… pic.twitter.com/lroWJHtuSL
Email Phishing @ Ethereum Argentina
In June, we had @tebayoso presenting parts of The Phishing Dojo and its importance for the ecosystem in Ethereum Argentina, particularly focusing on the detection of phishing emails.
El phishing por email sigue siendo el método más usado y exitoso.⁰⁰Ya está el video completo de la charla "Email Phishing, don't get rekt" por @tebayoso de @theredguild ! 🎣🚫
— Ethereum Argentina 🦇🔊 (@EtherArgentina) June 6, 2025
Jorge presentó Fishing Doyo, el sandbox open-source de The Red Guild para que aprendamos a identificar…
Here's the talk's video in Spanish, where we go over the most common threats and then close with some realistic examples using an older version of The Phishing Dojo:
Talk's in Spanish 🇪🇸
It's so cool to see how much the Dojo has changed, only since June, when tebayoso shared it in Ethereum Argentina! It's evolving really fast ⚡🥋
Detecting phishing threats @ ETHBelgrade
In June, @tinchoabbate presented a 30-minute talk at ETHBelgrade, doing a deep dive into the most notorious phishing, scam, and social engineering threats going on in crypto right now.
😻 NEW SPEAKER ANNOUNCEMENT
— ETH Belgrade (@ethbelgrade) March 10, 2025
The cat’s out of the bag! 🐾 @tinchoabbate, co-founder and security researcher at @theredguild, is bringing his sharp claws and even sharper insights to ETH Belgrade 2025.
Tincho will dive into detecting phishing threats in crypto.… pic.twitter.com/wZAJLeFPMP
It was great to meet and connect with Serbia's crypto community. It did feel like LATAM in many ways. We look forward to continuing to collaborate! The talk's video is not uploaded yet - we'll share it when it is. So, subscribe 👇
OpSec with Attack Trees @ DSS Webinar
In June, we also saw @mattaereal deliver a presentation in the DSS Webinar. He shared practical ways to start thinking about your operational security today, using attack trees as a tool to understand how to mitigate criminals' intentions to fulfill their objectives.
If you missed today's DSS webinar, I've got you covered, a link directly to the attack trees presentation. Go and learn how to create one in a few simple steps!https://t.co/9Ms1jYidCI
— matta ⚡🪷 (@mattaereal) June 18, 2025
Don't know anything about opsec? Never heard of attack trees? That's your talk! ☝️
ETHCC
In the last update we shared that we'd be presenting a few talks at ETHCC. We promised, we delivered 😄
Practical Phishing Detection with The Phishing Dojo
In this workshop at ETHCC, matta and tincho briefly shared their view on the state of crypto threats when it comes to phishing, scams, impersonations, social engineering, and other tactics attackers are using to target us all every day.
big workshop today with @mattaereal @theredguild at ETHCC!
— tincho 🪷 (@tinchoabbate) July 2, 2025
🚩16:15 hs Taylor Stagehttps://t.co/48Zt9wLzcE
who's coming? pic.twitter.com/hYx1VrNW5X
After a short talk, they introduced the latest beta version of The Phishing Dojo and let the attendees face many of the threats by themselves.
Live recording of our talk at ETHCC
Don't miss the presentation's intro talk and the ending - that should give you a clear idea of the key features and vision for our Dojo.
Thanks to everyone who joined us in the workshop! You were brave enough to be part of the first batch of beta users of The Phishing Dojo 💪 We got amazing feedback to take back home and continue improving it.
Physical and Operational Security 101
Representing SEAL, during the first day of ETHCC, we delivered a workshop about operational security while traveling. With a highlight for high-profile targets and also some specific suggestions for France.
The contents were based on the Security Frameworks, an initiative led by matta as part of the work that we do for the Security Alliance.
Teaching how to make attack trees and displaying an initial draft of the travel security guide! @_SEAL_Org @theredguild @opsek_io pic.twitter.com/1QXcQcilKv
— matta ⚡🪷 (@mattaereal) June 30, 2025
The workshop consisted of a walkthrough of attack trees, similar to the webinar we mentioned earlier, plus an explanation of the contents of the initial draft of the Travel Guide we're going to introduce later on in this post.
The key difference in this approach was that we left a lot of space for Q&A, and we even handed out printed copies of a TL;DR of the entire presentation.
Ecosystem support
In the last months, we've also continued contributing, in different capacities and roles, to many impactful initiatives in the ecosystem.
Nodo Serrano
A few months ago, motivated by the low amount of events happening outside of Buenos Aires City, in a first approach to decentralize knowledge, we decided to kickstart a new – now the only and first – community hub in Tandil to unite users and builders who want to push the Ethereum ecosystem forward with us 💪
We will describe more about the origins, our relationship, and the need for Nodo Serrano in the future. On July 30th, we expect to launch the physical space and, at the same time, celebrate Ethereum's 10th anniversary by playing Ethereum's recently released documentary, for anyone who wants to join us in conversation.
Nodo Serrano's first interaction with the local community was through a close collaboration with @SEEDLatam, and many other local communities representing builders from Argentina and LATAM.
Now go follow @NodoSerrano, and expect fresh news soon!
ETHRangers
This is an initiative spearheaded by the Ethereum Foundation that we've helped organize and coordinate. Its ultimate goal is supporting people in the ecosystem that contribute to public good initiatives in the security realm. The first batch of rangers has already been selected and is making progress towards each project's goals!

Our role might have started as co-creators of the initiative with responsibilities such as doing the curation, but ended up pivoting to a leadership role throughout the program, assisted mainly by the EF.
We are not far away from seeing the first milestones of the first batch of rangers. We expect this to bring a particular kind of continuity to the initiative the following year.
Wranglers at Mozilla Festival 2025
As wranglers, we're part of a diverse team collaborating with the organizers in curating content and bringing crypto-related topics to the event. As you can imagine, bridging the gap between the "traditional" world and crypto security is proving to be quite challenging. Regardless, we're participating in the meetings and discussions and sharing our views as the festival gets closer and closer!

This year's topic is Unlearning. The dynamics withing this organization are unlike anything we've ever experienced while doing these kind of collaborations – remember that we have a strong background on events coordination and content creation. Still, we're convinced that with our influence and presence we're already making a difference.
We pushed harder – literally almost wrote an essay – to justify why most of the topics should be open to receive submissions about possible applications on blockchain technologies and their responsible use. We even created the track "Unlearning Security" in order to advocate for security-by-default, and we've been proactively, notably, and visibly participating in it.
At the same time, we reached out to several Ethereum communities in LATAM, Security Alliance's peers, Ethereum Foundation, and others to submit content in order to grow our presence. Although we don't have a say in all tracks, we hope everyone who answered our call and contributed gets a chance to participate and share their expertise.
So maybe... we'll see you there before DevConnect? 👀🦊
DeFi Security Summit
We've accepted the invitation to be part of this year's DSS steering committee.
🚨 The DSS 2025 Steering Committee is here!
— Defi Security Summit (@summit_defi) June 4, 2025
DSS brings together the top voices in protocol security -hackers, builders, and toolmakers- to shape the future of safer blockchain systems.
Welcome and welcome back@0xRajeev @Mudit__Gupta @ethzed @tinchoabbate @jack__sanford… pic.twitter.com/wFkQfJKNK6
Proud to be part of such team, and looking forward to contributing with all we can to making DSS in Argentina, during Devconnect, a memorable event.
Security Alliance (SEAL)
Security Frameworks: official launch
A few updates ago, we were using mysterious phrases to say that we were working on things that weren't public yet. Later, we revealed Frameworks as part of these things, but that was just the beginning!
Today, SEAL's Security Frameworks is an official initiative, and because of this, the community-led initiative started getting more traction.
🦭 Introducing SEAL Frameworks: a community-driven security standards hub for web3!
— Security Alliance (@_SEAL_Org) April 14, 2025
No more reinventing security approaches for each project or protocol!
Read more from our initiative lead @mattaereal https://t.co/O1AiwUHy9x
After recent in-depth technical conversations with top SEAL members and contributors, the initiative will undertake a comprehensive restructuring, including changes to current strategies, taxonomy, and any type of content you may encounter.
Today, the initiative hosts different formats of styling information, and that is a direct consequence of trying to satisfy the ecosystem's needs. Where would you include a guide to mitigate DPRK tactics based on Zoom meetings? In a mere blog post that will get outdated, hard to find, and away from community contributions? That's exactly why Frameworks exist, although we're still thinking if 'Frameworks' is the correct word to describe them.
In short, we've now narrowed-down content categories to:
- Benchmarks: reference metrics or standards to measure performance.
- Playbooks: step-by-step actions to respond to specific situations.
- Practical Guides: how-to instructions for implementation or execution.
- Maturity Models: frameworks to assess and improve capability over time through levels.
We expect, in the following months, through the coordination of a focus group of SEALs and interested parties, to steer this initiative into a brighter future.
Operational Security: Travel Guide
Speaking about frameworks, we pushed a first draft of key considerations to bear in mind while traveling.
so, I'm writing an initial draft for the operational security travel guide within SEAL's Security Frameworks.
— matta ⚡🪷 (@mattaereal) June 11, 2025
I would KILL for feedback on this. I know many WILL disagree, and that's OK. I just need anyone besides myself to roast ithttps://t.co/Kyid4hJzGk
This was inspired by the need for written content to be later used for ETHCC's operational security workshop.
The content is to be updated and improved, focusing on the rationale behind each decision and how it might vary depending on your profile. Today's structure presents:
- What you need to know before traveling
- What to do and what not to do while you're there
- What to do afterwards
It also features a dedicated section for high-profile individuals and anyone crossing borders.
Latest articles
One Time Pwnage: advisory on SLOVENLY COMET
This yet-to-be-told story has almost everything, and it apparently has no clear ending, but this is how Opsek and The Red Guild discovered a threat actor intercepting SMS gateways in Argentina, targeting individuals within the ecosystem.

The TL;DR is that upon several requests from an Argentinian local community to research what appeared to be telegram account takeovers, we ended up uncovering something more worrisome. A threat actor was using a Telegram bot to interact with access they had into at least one SMS gateway provider to intercept 2FA and OTP tokens from all known service providers: from iCloud, to Google, MercadoLibre, local banks, and even the Argentinian digital ID MiArgentina.
To date, we still have our doubts that this has stopped, or it appears to be another group targeting Telegram accounts.
You'd wonder why Telegram accounts and not the rest. The answer might not surprise you if you're security-savvy. Most people don't have their Telegram passwords enabled (their confusing way to say 2FA), so they make for an easy target to hijack an account. Since they don't have encryption by default, anyone can go through all your messages and see if you've shared something sensitive to exploit later. As well as detect whether you've chatted with bots that act as crypto wallets too (like BONKBot, for example).
This is a friendly reminder to be careful with what recovery alternatives you choose, especially when it comes to SMS, which you should not depend on at all.
The Custodial Stablecoin Rekt Test
Remember The REKT Test that Trail of Bits launched almost two years ago? Well, recently they released a new version, given the need to understand security risks for stablecoin issuers and their users.
We're proud to have collaborated on this effort, providing feedback and reviewing the test, earning us a public shout-out from Ben! ⭐


Tooling
By now, you should know The Red Guild maintains a devcontainer for development and security work in crypto:
In ETHBelgrade we met Raoul, who shared with us an awesome spin-off of The Red Guild's devcontainer! It's called solarspace.dev:

In essence, Solar Spaces are regular GitHub repositories with a special devcontainer. You can work on your repository by cloning it locally or by opening it in a GitHub Codespace. In addition to the devcontainer, solarspace.dev provides smart URLs that make it easy to create and share your workspace with others.

We're proud to see our work being expanded by others in the community. Big shout-out to Raoul for his work. Definitely go check it out ☀️
Damn Vulnerable DeFi
Damn Vulnerable DeFi continues to be one of the most renowned set of challenges and educational resources to onboard people to smart contract security. Although we're not actively adding new challenges, we're always keeping an eye on community feedback.
That's why we released a new minor version, with some quality-of-life changes and bug fixes that should improve the overall experience, keeping the challenges fresh and entertaining.
Future grants
The last months also found us thinking and exploring new alternatives to organize and structure The Red Guild as we continue to evolve. The ecosystem keeps changing around us, so we need to be constantly adapting our ways to engage with the key actors that contribute to keeping our organization afloat with grants.
In that sense, we've submitted a proposal for a new grant with the Ethereum Foundation's ESP team. In it, we presented a novel structure for our team and initiatives. The goal being to enable us widen and deepen our impact, by leveraging the special skills of satellite, temporary collaborators. We'll keep you posted on how it goes!
What's next?
- Continue sharing the beta version of The Phishing Dojo, incorporating user feedback, and improving the platform's stability. In parallel, we're already devising new scenarios to simulate latest threats on public repositories, blind signing, hardware wallets, and multisigs.
- On the design front, we'll be further developing the Dojo's visual identity in boards and brainstorming sessions to then translate those ideas to the actual UI and UX of the platform.
- Start consolidating team and plans for Devconnect 2025. Big things are cooking! Maybe a security awareness campaign? Who knows 🫢
- Keep participating in the discussions and organization of the Mozilla Festival as wranglers.
- Keep coordinating the Ethereum Rangers program. We're reaching the deadline for the first milestone!
- Take SEAL's Frameworks to the next level with the help of a collaborator's focus group to better define its future.